1. A system for managing policy services in an organization, the organization including a first network having a first set of resources and a second network remote from the first network having a second set of resources, the system comprising:

a first edge device associated with the first network, the first edge device configured to manage policies for the first network and the first set of resources in accordance with first policy settings stored in a first database;

a second edge device associated with the second network, the second edge device configured to manage policies for the second network and the second set of resources in accordance with second policy settings stored in a second database; and

a central policy server defining the first and second policy settings and managing the first and second edge devices from a single location, the central policy server being associated with a central database storing configuration information of the first and second edge devices, wherein the central database is organized according to a hierarchical object oriented structure.

2. The system of claim 1, wherein the first and second databases are organized according to the hierarchical object oriented structure.



3. The system of claim 1, wherein the configuration 
information includes the first and second policy settings. 

4. The system of claim 3, wherein the hierarchical object oriented structure includes a plurality of resource objects and policy objects for defining the first and second policy settings.
5. The system of claim 4, wherein the central database and the first and second databases are Lightweight Directory Access Protocol (LDAP) databases storing each resource object and policy object as an LDAP entry.

6. The system of claim 4, wherein the resource objects are selected from a group consisting of devices, users, hosts, services, and time.

7. The system of claim 6, wherein the devices include the first and second edge devices, each device being associated with a set of users and a particular host.

8. The system of claim 6, wherein the hosts include the first and second networks.

9. The system of claim 4, wherein the policy objects are selected from a group consisting of bandwidth, firewall, administration, and virtual private network grouping.

10. The system of claim 9, wherein the virtual private network grouping includes a virtual private network associated with one or more sites, users, and rules.

11. The system of claim 10, wherein each site includes one or more networks behind an edge device.
12. The system of claim 10, wherein the rules are firewall rules providing access control over network traffic flowing through the virtual private network.

13. In a system including a first network having a first set of resources and a second network remote from the first network having a second set of resources, the first network being associated with a first edge device and a first database, and the second network being associated with a second edge device and a second database, the system further including a central policy server in communication with the first and second edge devices, the central policy server being associated with a central database, a method for managing policy services in the system comprising:

storing configuration information of the first and second edge devices in the central database, the central database being organized in a hierarchical object oriented structure;

storing first policy settings in the first database;

storing second policy settings in the second database;

managing policies for the first network and the first set of resources from the first edge device in accordance with the first policy settings stored in the first database;

managing policies for the second network and the second set of resources from the second edge device in accordance with the second policy settings stored in the second database; and

defining the first and second policy settings and managing the first and second edge devices from the central policy server.

14. The method of claim 13, wherein the first and second databases are organized according to the hierarchical object oriented structure.

15. The method of claim 13, wherein the configuration information includes the first and second policy settings.

16. The method of claim 15, wherein the hierarchical object oriented structure includes a plurality of resource objects and policy objects for defining the first and second policy settings.

17. The method of claim 16, wherein the central database and the first and second databases are Lightweight Directory Access Protocol (LDAP) databases storing each resource object and policy object as an LDAP entry.

18. The method of claim 16, wherein the resource objects are selected from a group consisting of devices, users, hosts, services, and time.

19. The method of claim 18, wherein the devices include the
first and second edge devices, each device being associated with 
a set of users and a particular host. 

20. The method of claim 18, wherein the hosts include the
first and second networks. 

21. The method of claim 16, wherein the policy objects are selected from a group consisting of bandwidth, firewall, administration, and virtual private network grouping.

22. The method of claim 21, wherein the virtual private network grouping includes a virtual private network associated with one or more sites, users, and rules.



23. The method of claim 22, wherein each site includes one or more networks behind an edge device.

24. The method of claim 22, wherein the rules are firewall rules providing access control over network traffic flowing through the virtual private network.
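The following is an added illustration of the architecture recited in claims 1 and 13 (central policy server, per-edge databases, hierarchical object store of resource and policy objects, VPN grouping with sites, users and firewall rules). It is not the patent's own implementation and the patent discloses none here; the LDAP-style distinguished names, the first-match firewall semantics, the class and attribute names, and the sample networks are all assumptions constructed for the example.

```python
from dataclasses import dataclass, field, asdict
from typing import Dict, List


@dataclass
class Entry:
    """One object in the hierarchical store, addressed by an LDAP-style DN.
    The DN layout (cn=...,ou=...,o=org) is a hypothetical naming convention."""
    dn: str
    kind: str  # resource object (device, host, user, service, time) or policy object (firewall, vpn, ...)
    attrs: Dict[str, object] = field(default_factory=dict)


class HierarchicalStore:
    """Central or edge database: entries indexed by DN, with subtree lookup by DN suffix."""

    def __init__(self) -> None:
        self.entries: Dict[str, Entry] = {}

    def add(self, entry: Entry) -> None:
        self.entries[entry.dn] = entry

    def subtree(self, base_dn: str) -> List[Entry]:
        suffix = "," + base_dn
        return [e for e in self.entries.values() if e.dn.endswith(suffix)]


@dataclass(frozen=True)
class FirewallRule:
    src: str      # source host/network name, or "*" for any
    dst: str      # destination host/network name, or "*"
    service: str  # service name such as "https", or "*"
    action: str   # "allow" or "deny"


class EdgeDevice:
    """Manages policies for its own network from its own database; the settings
    in that database are pushed down by the central policy server."""

    def __init__(self, name: str, network: str) -> None:
        self.name, self.network = name, network
        self.db = HierarchicalStore()

    def firewall_rules(self) -> List[FirewallRule]:
        base = f"ou=firewall,cn={self.name},ou=devices,o=org"
        return [FirewallRule(**e.attrs) for e in sorted(self.db.subtree(base), key=lambda e: e.dn)]

    def decide(self, src: str, dst: str, service: str) -> str:
        """Access control over VPN traffic: first matching rule wins, no match means deny."""
        for r in self.firewall_rules():
            if r.src in (src, "*") and r.dst in (dst, "*") and r.service in (service, "*"):
                return r.action
        return "deny"


class CentralPolicyServer:
    """Defines policy settings once and manages every edge device from a single location."""

    def __init__(self) -> None:
        self.db = HierarchicalStore()
        self.edges: Dict[str, EdgeDevice] = {}

    def register_edge(self, edge: EdgeDevice) -> None:
        """Store the edge device's configuration (a device object tied to its host)."""
        self.edges[edge.name] = edge
        self.db.add(Entry(f"cn={edge.name},ou=devices,o=org", "device", {"host": edge.network}))
        self.db.add(Entry(f"cn={edge.network},ou=hosts,o=org", "host", {}))

    def define_vpn(self, name: str, sites: List[str], users: List[str], rules: List[FirewallRule]) -> None:
        """A VPN grouping policy object: sites (networks behind edge devices), users and rules."""
        self.db.add(Entry(f"cn={name},ou=vpn,ou=policies,o=org", "vpn",
                          {"sites": list(sites), "users": list(users), "rules": [asdict(r) for r in rules]}))

    def push(self) -> Dict[str, int]:
        """Derive each edge device's own policy settings from the central definitions and
        store them in that edge's database; returns the number of rules installed per edge."""
        counts: Dict[str, int] = {}
        for edge in self.edges.values():
            edge.db = HierarchicalStore()
            counts[edge.name] = 0
            for vpn in self.db.subtree("ou=vpn,ou=policies,o=org"):
                if edge.network not in vpn.attrs["sites"]:
                    continue  # this edge is not a site of that VPN: its rules do not apply here
                vpn_cn = vpn.dn.split(",")[0][3:]
                for i, rule in enumerate(vpn.attrs["rules"]):
                    edge.db.add(Entry(f"cn={vpn_cn}-{i:03d},ou=firewall,cn={edge.name},ou=devices,o=org",
                                      "firewall", dict(rule)))
                    counts[edge.name] += 1
        return counts


def demo() -> Dict[str, str]:
    """Two sites, two VPN groupings defined centrally, decisions taken at each edge (constructed data)."""
    central = CentralPolicyServer()
    hq, branch = EdgeDevice("edge-hq", "hq-net"), EdgeDevice("edge-branch", "branch-net")
    for edge in (hq, branch):
        central.register_edge(edge)
    central.define_vpn("corp-vpn", ["hq-net", "branch-net"], ["alice", "bob"], [
        FirewallRule("branch-net", "hq-net", "https", "allow"),
        FirewallRule("*", "hq-net", "ssh", "deny"),
    ])
    central.define_vpn("lab-vpn", ["hq-net"], ["alice"], [FirewallRule("hq-net", "lab-net", "*", "allow")])
    central.push()
    return {
        "branch->hq https": branch.decide("branch-net", "hq-net", "https"),
        "branch->hq ssh": branch.decide("branch-net", "hq-net", "ssh"),
        "branch->lab dns": branch.decide("branch-net", "lab-net", "dns"),
        "hq->lab dns": hq.decide("hq-net", "lab-net", "dns"),
    }


if __name__ == "__main__":
    for flow, verdict in demo().items():
        print(f"{flow}: {verdict}")
```

The point the model makes concrete is the split of responsibilities in the claims: the central database holds the VPN grouping once, each edge database receives only the settings that apply to its own site, and the edge decides on traffic locally with a default of deny when no rule matches. The branch edge never learns the lab-vpn rule, so a branch flow toward lab-net is denied by default rather than by an explicit rule.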